CVE-2023-5630 - Vulnerability Details

A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a
privileged user to install an untrusted firmware.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00097.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Eb450 Eb450 Firmware Eb45e Eb45e Firmware Eh450 Eh450 Firmware Eh45e Eh45e Firmware Er450 Er450 Firmware Er45e Er45e Firmware Jr240 Jr240 Firmware Jr900 Jr900 Firmware Qb150 Qb150 Firmware Qb450 Qb450 Firmware Qh150 Qh150 Firmware Qh450 Qh450 Firmware Qp150 Qp150 Firmware Qp450 Qp450 Firmware Qr150 Qr150 Firmware Qr450 Qr450 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:eb450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:eb450:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:eb45e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:eb45e:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:eh450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:eh450:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:eh45e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:eh45e:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:schneider-electric:er450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:er450:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:schneider-electric:er45e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:er45e:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:schneider-electric:jr240_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:jr240:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:schneider-electric:jr900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:jr900:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:schneider-electric:qr450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:qr450:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:schneider-electric:qr150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:qr150:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:schneider-electric:qb450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:qb450:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:schneider-electric:qb150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:qb150:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:schneider-electric:qp450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:qp450:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:schneider-electric:qp150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:qp150:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:schneider-electric:qh450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:qh450:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:schneider-electric:qh150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:qh150:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-57923	A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-01.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2023-12-14T04:49:38.476Z

Updated: 2024-08-02T08:07:32.371Z

Reserved: 2023-10-18T06:16:44.486Z

Link: CVE-2023-5630

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-14T05:15:13.663

Modified: 2024-11-21T08:42:09.240

Link: CVE-2023-5630

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object